Highlights:

  • According to the report, Local File Inclusion remains the most common attack vector, with a 193% year-over-year increase.
  • Another emerging attack vector that poses a significant threat to organizations is server-side request forgery.

According to new research from Akamai Technologies Inc., a content delivery network and cloud services provider, application and application programming interface attacks increased by 137% through 2022.

According to the study “Slipping through the Security Gaps: The Rise of Application and API Attacks Against Organizations,” application and API attacks have increased in both frequency and complexity as adversaries seek more innovative ways to exploit the expanding attack surface.

2022 was found to be a record-breaking year for application and API attacks. The 137% increase is a major concern as organizations adopt more web applications and APIs to enhance their business and improve ease of use for customers. According to the report, Local File Inclusion remains the most common attack vector, with a 193% year-over-year increase.

In the research, Akamai researchers also detail several emerging attack vectors, such as Server-Side Template Injection (SSTI). SSTI is a technique in which attackers exploit notable vulnerabilities such as Spring4Shell, Log4Shell, and the Atlassian Confluence vulnerability. These attacks can result in remote code execution and data exfiltration, posing serious business risks.

Another emerging attack vector that poses a significant threat to organizations is Server-Side Request Forgery (SSRF). Through 2022, Akamai observed an average of 14 million SSRF attempts per day against its customers’ web applications and APIs.

Broken Object Level Authorization (BOLA) has also been identified as an increasing source of concern. BOLA is a simple but high-risk attack method that allows access to other users’ information.

Other findings in the report included an 82% increase in attacks on the healthcare industry, attributed to the adoption of the “internet of medical things,” which expanded the healthcare attack surface. Because of the proliferation of Internet of Things connections and the massive data collected from this sector’s equipment, median attacks on the manufacturing industry increased by 76% last year.

Akamai’s Senior Vice President and General Manager of application security, Rupesh Chokshi, said in a statement, “As cybercriminals evaluate who provides the best return on investment based on the level of effort, the value of data, or the likelihood of paying extortion, we often see shifts in attack trends.”